This introductory talk covers the patterns and protocols used to secure microservices. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, and others can be combined to make writing secure microservices easy. The patterns and protocols will be illustrated with a demo application built using Spring & PCF.
Session management has been part of enterprise Java for so long that it has faded into the background of our consciousness as a solved problem, and we have not seen any major innovation in that arena in recent memory.
However, the modern trend towards microservices and horizontally scalable cloud-native applications challenges the assumptions upon which session managers have been designed and built for the past 20 years, and exposes flaws in the design of modern session managers.
This article will demonstrate how the recently released Spring Session APIs help surmount some of the limitations of the current approach to session management, traditionally employed by enterprise Java. We will start with a summary of the problems with current session managers, then dig into the details of how Spring Session solves each of those problems. We will wrap up the article with a detailed explanation of how Spring Session works and how you can use it in your projects.